nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Daniel Kesselberg	240eb02585	Set associative = true for cleanup job Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	4 years ago
Lukas Reschke	474a5b55d3	Implement review feedback Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	4 years ago
Lukas Reschke	358eaba7dd	Apply suggestions from code review Signed-off-by: Lukas Reschke <lukas@statuscode.ch> Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>	4 years ago
Arthur Schiwon	0dee717c94	Confirm mails only per POST - this is to avoid automatic confirmation by certain softwares that open links Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	4 years ago
Arthur Schiwon	a20de15b43	add a job to clean up expired verification tokens Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	4 years ago
Arthur Schiwon	19cc757531	move verification token logic out of lost password controller - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	4 years ago
Lukas Reschke	471167019c	Implement PR review feedback Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	4 years ago
Lukas Reschke	a915372c56	phpcs Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	4 years ago
Lukas Reschke	378cc922c4	Adjust logic to store period instead of current timestamp Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	4 years ago
Lukas Reschke	d4f97affc1	Add database ratelimiting backend In case no distributed memory cache is specified this adds a database backend for ratelimit purposes. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	4 years ago
Daniel Kesselberg	0a15043f69	Throw exception if encrypting the data failed. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	5 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
J0WI	ca7b37ce5a	Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com>	5 years ago
Lukas Reschke	e5a4236e68	Increase subnet matcher Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	5 years ago
Roeland Jago Douma	16652ac6c6	Explicitly check hex2bin input For #23197 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
dependabot-preview[bot]	eb502c02ff	Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Morris Jobke	24d436cb60	Remove unneeded casts that were found by Psalm In preparation of the update of Psalm from 4.2.1 to 4.3.1+ (see https://github.com/nextcloud/server/pull/24521) Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
Christoph Wurst	d89a75be0b	Update all license headers for Nextcloud 21 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Julius Härtl	f5501ca276	Avoid checking for brute force protection capabilities when upgrading This might happen a releases that doesn't have this table yet Signed-off-by: Julius Härtl <jus@bitgrid.net>	5 years ago
Joas Schilling	5b5aebbf66	Replace the credentials table with one that can have empty user Primary key columns on Oracle can not have empty strings Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	1aa9c9164d	Fix comparing the empty string for global credentials Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	8027dcbc6f	Don't leave cursors open when tests fail Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Roeland Jago Douma	54b9f639a6	Always return the default path if we can Just check in the certifcate manager. So every part of the system that request the certificatebundle gets the defaullt one (the 99% case) if we can. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Morris Jobke	dc479aae2d	Improve CertificateManager to not be user context dependent * removes the ability for users to import their own certificates (for external storage) * reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions) The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
lynn-stephenson	648b60fa0e	Derive encryption key & MAC key from a single key. Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>	5 years ago
Roeland Jago Douma	8fae2beece	Limit throttler to 48 hours Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	6c1b542def	Add cleanup job for old brutefoce attempts Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Morris Jobke	99c9423766	Remove @suppress SqlInjectionChecker Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
Joas Schilling	c25063dc07	Don't break when the IP is empty Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Christoph Wurst	2a054e6c04	Update the license headers for Nextcloud 20 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Joas Schilling	35a8519591	Fix CS Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	770381c0c6	Correctly return ms delay when at max Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	931aca2fee	Add missing default Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	d9c4c9eb99	Simplify array filter Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	dfeee3b850	Fix wrong doc + type hint Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	8376c4891f	Only throw when also the last 30 mins were attacking Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	6f751d01db	Make the throttling O(2^n) instead of O(n^n) Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	64539a6ee1	Make Throttler strict Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	c8fea66d65	Split delay calculation from getting the attempts Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	cdb36c8ead	Let the database count the entries Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Joas Schilling	e66bc4a8a7	Send "429 Too Many Requests" in case of brute force protection Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Morris Jobke	c0be7e329f	Prefer typed event over string based ones Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
Morris Jobke	bd997a105c	Fix code style Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Roeland Jago Douma	35ff4aa1c6	Use random_bytes Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
MichaIng	229570badf	Apply Argon2 options for Argon2id hashing as well Signed-off-by: MichaIng <micha@dietpi.com>	6 years ago
MichaIng	ad60619655	Fix Argon2 options checks The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum. Options are now applied the following way: - If config.php contains the setting with an integer higher or equal to the minimum, it is applied. - If config.php contains the setting with an integer lower than the minimum, the minimum is applied. - If config.php does not contain the setting or with no integer value, the PHP default is applied. Signed-off-by: MichaIng <micha@dietpi.com> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Christoph Wurst	cb057829f7	Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Arthur Schiwon	5437844b7e	fix credentialsManager documentation and ensure userId to be used as string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	6 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago

1 2 3 4

153 Commits (f4e4a85fcfc8ee25d4d398f5fa8aa657d4eaf08a)